[Samba] Is Samba 4.9 and "map untrusted to domain" possible anymore?
Harald Hannelius
harald+samba at arcada.fi
Thu Jun 4 14:07:07 UTC 2020
On Thu, 4 Jun 2020, Rowland penny via samba wrote:
> On 04/06/2020 14:46, Harald Hannelius via samba wrote:
>>
>> So the best way for me would be to implement the RFC2307/SFU schema in the
>> Windows AD "AD", add the same uidNumber for every user in "AD" as they had
>> in the old "Samba" domain, and then just join the fileservers to the "AD"
>> domain?
>>
>> Then I change the map-range to be like it was for the "SAD" domain.
>>
>> It's more like migrating filesystems with users and groups tied to files
>> than just migrating users.
>
> Yes you could do that, but don't forget groups as well and if you do not have
> any groups (usergroups count as no groups), ensure that Domain Users has a
> gidNumber inside whatever range you end up with.
Ouch. I forgot my groups. Have to calculate them in as well.
And another ouch is I would not be able to utilize my Samba AD which I like
much better than the Windows version.
If I remember correctly, there's no additional idmap range for groups but
they are rather inside the same numeric range as users in AD? So I now have
duplicate idmap numbers because they originate from users and groups?
I appreciate your help.
--
Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
More information about the samba
mailing list